dvlprsh-dcql-test 0.1.8

package/src/dcql.ts

@@ -0,0 +1,170 @@
+import { CredentialBase } from './credentials/credential';
+import { SdJwtVcCredential } from './credentials/sdjwtvc.credential';
+import { Claims, CredentialSet, rawDCQL } from './type';
+
+/**
+ * This class represent DCQL query data structure
+ */
+export class DCQL {
+  private _credentials: CredentialBase[] = [];
+  private _credential_sets?: CredentialSet[];
+
+  constructor({
+    credentials,
+    credential_sets,
+  }: {
+    credentials?: CredentialBase[];
+    credential_sets?: CredentialSet[];
+  }) {
+    this._credentials = credentials ?? [];
+    this._credential_sets = credential_sets;
+  }
+
+  addCredential(credential: CredentialBase) {
+    this._credentials.push(credential);
+    return this;
+  }
+
+  addCredentialSet(credential_set: CredentialSet) {
+    if (!this._credential_sets) {
+      this._credential_sets = [];
+    }
+    this._credential_sets.push(credential_set);
+    return this;
+  }
+
+  serialize(): rawDCQL {
+    return {
+      credentials: this._credentials.map((c) => c.serialize()),
+      credential_sets: this._credential_sets,
+    };
+  }
+
+  static parse(raw: rawDCQL): DCQL {
+    const credentials = raw.credentials.map((c) => {
+      if (c.format === 'dc+sd-jwt') {
+        return SdJwtVcCredential.parseSdJwtCredential(c);
+      }
+      throw new Error('Invalid credential format');
+    });
+
+    return new DCQL({
+      credentials,
+      credential_sets: raw.credential_sets,
+    });
+  }
+
+  /**
+   * Match credentials against an array of data records according to section 6.4.2 rules.
+   *
+   * If credential_sets is not provided, all credentials in credentials are requested.
+   * Otherwise, the Verifier requests credentials satisfying:
+   * - All required credential sets (where required is true or omitted)
+   * - Optionally, any other credential sets
+   *
+   * @param dataRecords Array of data records to match against
+   * @returns Object containing match result and matched credentials with their claims
+   */
+  match(dataRecords: Record<string, unknown>[]): {
+    match: boolean;
+    matchedCredentials?: Array<{
+      credential: Record<string, unknown>;
+      matchedClaims: Claims[];
+      dataIndex: number;
+    }>;
+  } {
+    // No credentials to match
+    if (this._credentials.length === 0) {
+      return { match: false };
+    }
+
+    // Results array to collect all matches
+    const allMatches: Array<{
+      credential: Record<string, unknown>;
+      dcqlCredential: CredentialBase;
+      matchedClaims: Claims[];
+      dataIndex: number;
+    }> = [];
+
+    // Check each credential against each data record
+    this._credentials.forEach((credential) => {
+      // Try to match the credential against each data record
+      dataRecords.forEach((data, index) => {
+        const result = credential.match(data);
+
+        // If there's a match, add it to our results
+        if (result.match) {
+          allMatches.push({
+            credential: data,
+            dcqlCredential: credential,
+            matchedClaims: result.matchedClaims,
+            dataIndex: index,
+          });
+        }
+      });
+    });
+
+    // If no credentials matched any data, return no match
+    if (allMatches.length === 0) {
+      return { match: false };
+    }
+
+    // If credential_sets is not defined, return all matched credentials
+    if (!this._credential_sets || this._credential_sets.length === 0) {
+      return {
+        match: true,
+        matchedCredentials: allMatches,
+      };
+    }
+
+    // Handle credential sets if they exist
+    const matchedIds = new Set(
+      allMatches.map((match) => {
+        const serialized = match.dcqlCredential.serialize();
+        return serialized.id;
+      }),
+    );
+
+    // First, separate required credential sets
+    const requiredSets = this._credential_sets.filter(
+      (set) => set.required === undefined || set.required === true,
+    );
+
+    // Check if all required sets are satisfied
+    const satisfiedRequiredSets = requiredSets.every((set) =>
+      this.isCredentialSetSatisfied(set, matchedIds),
+    );
+
+    // If any required set is not satisfied, we can't match
+    if (!satisfiedRequiredSets) {
+      return { match: false };
+    }
+
+    // We've satisfied all required sets, return all matched credentials
+    return {
+      match: true,
+      matchedCredentials: allMatches.map((matches) => {
+        return {
+          credential: matches.credential,
+          matchedClaims: matches.matchedClaims,
+          dataIndex: matches.dataIndex,
+        };
+      }),
+    };
+  }
+
+  /**
+   * Check if a credential set is satisfied by the matched credential IDs
+   * A credential set is satisfied if at least one of its options is satisfied
+   */
+  private isCredentialSetSatisfied(
+    set: CredentialSet,
+    matchedIds: Set<string>,
+  ): boolean {
+    // A set is satisfied if at least one of its options is satisfied
+    return set.options.some((option) => {
+      // An option is satisfied if all credential IDs in the option are matched
+      return option.every((credentialId) => matchedIds.has(credentialId));
+    });
+  }
+}

package/src/index.ts

@@ -0,0 +1,4 @@
+export * from './dcql';
+export * from './credentials/credential';
+export * from './credentials/sdjwtvc.credential';
+export * from './type';

package/src/match.ts

@@ -0,0 +1,88 @@
+/**
+ * Process a claims path pointer
+ * @param path The claims path pointer array
+ * @param data The credential data
+ * @returns Array of selected JSON elements
+ * @throws Error if processing should be aborted according to the specification
+ */
+export const pathMatch = (
+  path: Array<string | number | null>,
+  data: any,
+): any[] => {
+  // Start with the root element
+  let selectedElements: any[] = [data];
+
+  // Process the path from left to right
+  for (const component of path) {
+    const nextSelectedElements: any[] = [];
+
+    // Process each currently selected element
+    for (const element of selectedElements) {
+      // String: select the element with the key in the currently selected elements
+      if (typeof component === 'string') {
+        if (
+          element === null ||
+          typeof element !== 'object' ||
+          Array.isArray(element)
+        ) {
+          // According to spec: "If any of the currently selected element(s) is not an object,
+          // abort processing and return an error."
+          throw new Error(
+            'Path component requires object but found non-object element',
+          );
+        }
+
+        if (component in element) {
+          nextSelectedElements.push(element[component]);
+        }
+      }
+      // null: select all elements of the currently selected arrays
+      else if (component === null) {
+        if (element === null || !Array.isArray(element)) {
+          // According to spec: "If any of the currently selected element(s) is not an array,
+          // abort processing and return an error."
+          throw new Error(
+            'Null path component requires array but found non-array element',
+          );
+        }
+
+        nextSelectedElements.push(...element);
+      }
+      // number: select the element at the index in the currently selected arrays
+      else if (
+        typeof component === 'number' &&
+        component >= 0 &&
+        Number.isInteger(component)
+      ) {
+        if (element === null || !Array.isArray(element)) {
+          // According to spec: "If any of the currently selected element(s) is not an array,
+          // abort processing and return an error."
+          throw new Error(
+            'Numeric path component requires array but found non-array element',
+          );
+        }
+        // If the index does not exist in a selected array, remove that array from the selection
+        if (component < element.length) {
+          nextSelectedElements.push(element[component]);
+        }
+      }
+      // Invalid component type
+      else {
+        // According to spec: "If the component is anything else, abort processing and return an error."
+        throw new Error(`Invalid path component: ${component}`);
+      }
+    }
+
+    // If no elements were selected, abort processing
+    if (nextSelectedElements.length === 0) {
+      // According to spec: "If the set of elements currently selected is empty,
+      // abort processing and return an error."
+      throw new Error('No elements selected after processing path component');
+    }
+
+    // Update the selected elements for the next iteration
+    selectedElements = nextSelectedElements;
+  }
+
+  return selectedElements;
+};

package/src/test/dcql.spec.ts

@@ -0,0 +1,295 @@
+import { describe, expect, it } from 'vitest';
+import { DCQL } from '../dcql';
+import { SdJwtVcCredential } from '../credentials/sdjwtvc.credential';
+import { Claims, CredentialSet, rawDCQL } from '../type';
+
+describe('DCQL', () => {
+  it('should create an instance', () => {
+    const dcql = new DCQL({});
+    expect(dcql).toBeDefined();
+  });
+
+  describe('addCredential', () => {
+    it('should add a credential', () => {
+      const dcql = new DCQL({});
+      const credential = new SdJwtVcCredential('test-id', 'test-vct');
+
+      const result = dcql.addCredential(credential);
+
+      // Should return this for chaining
+      expect(result).toBe(dcql);
+
+      // Verify it was added by checking serialized output
+      const serialized = dcql.serialize();
+      expect(serialized.credentials).toHaveLength(1);
+      expect(serialized.credentials[0].id).toBe('test-id');
+    });
+
+    it('should add multiple credentials', () => {
+      const dcql = new DCQL({});
+      const credential1 = new SdJwtVcCredential('test-id-1', 'test-vct-1');
+      const credential2 = new SdJwtVcCredential('test-id-2', 'test-vct-2');
+
+      dcql.addCredential(credential1).addCredential(credential2);
+
+      const serialized = dcql.serialize();
+      expect(serialized.credentials).toHaveLength(2);
+      expect(serialized.credentials[0].id).toBe('test-id-1');
+      expect(serialized.credentials[1].id).toBe('test-id-2');
+    });
+  });
+
+  describe('addCredentialSet', () => {
+    it('should add a credential set', () => {
+      const dcql = new DCQL({});
+      const credentialSet: CredentialSet = {
+        options: [['test-id-1'], ['test-id-2']],
+        required: true,
+      };
+
+      const result = dcql.addCredentialSet(credentialSet);
+
+      // Should return this for chaining
+      expect(result).toBe(dcql);
+
+      // Verify it was added by checking serialized output
+      const serialized = dcql.serialize();
+      expect(serialized.credential_sets).toHaveLength(1);
+      expect(serialized.credential_sets?.[0].options).toHaveLength(2);
+      expect(serialized.credential_sets?.[0].required).toBe(true);
+    });
+
+    it('should initialize credential_sets array if undefined', () => {
+      const dcql = new DCQL({});
+      const credentialSet: CredentialSet = {
+        options: [['test-id-1']],
+      };
+
+      dcql.addCredentialSet(credentialSet);
+
+      const serialized = dcql.serialize();
+      expect(serialized.credential_sets).toBeDefined();
+      expect(serialized.credential_sets).toHaveLength(1);
+    });
+  });
+
+  describe('parse', () => {
+    it('should parse valid raw DCQL with sd-jwt-vc credential', () => {
+      const rawDcql: rawDCQL = {
+        credentials: [
+          {
+            id: 'test-id',
+            format: 'dc+sd-jwt',
+            meta: { vct_values: ['test-vct'] },
+            multiple: true,
+            trusted_authorities: [{ type: 'aki', value: ['test-authority'] }],
+            require_cryptographic_holder_binding: true,
+            claims: [{ path: ['$.vc.credentialSubject.firstName'] }],
+          },
+        ],
+      };
+
+      const dcql = DCQL.parse(rawDcql);
+      const serialized = dcql.serialize();
+
+      expect(serialized.credentials).toHaveLength(1);
+      expect(serialized.credentials[0]).toEqual(rawDcql.credentials[0]);
+    });
+
+    it('should parse DCQL with credential sets', () => {
+      const rawDcql: rawDCQL = {
+        credentials: [
+          {
+            id: '0',
+            format: 'dc+sd-jwt',
+            meta: {
+              vct_values: [
+                'eu.europa.ec.eudi.pid.1',
+                'urn:eu.europa.ec.eudi:pid:1',
+              ],
+            },
+            claims: [
+              {
+                path: ['family_name'],
+                id: 'family_name',
+              },
+              {
+                path: ['given_name'],
+                id: 'given_name',
+              },
+            ],
+          },
+        ],
+        credential_sets: [
+          {
+            options: [['0']],
+            purpose: 'PID (sd-jwt-vc) - first_name and given_name',
+          },
+        ],
+      };
+
+      const dcql = DCQL.parse(rawDcql);
+      const serialized = dcql.serialize();
+
+      expect(serialized.credentials).toHaveLength(1);
+      expect(serialized.credential_sets).toHaveLength(1);
+      expect(serialized.credential_sets![0].options).toEqual([['0']]);
+    });
+  });
+
+  describe('serialize', () => {
+    it('should serialize empty DCQL', () => {
+      const dcql = new DCQL({});
+      const serialized = dcql.serialize();
+
+      expect(serialized).toEqual({
+        credentials: [],
+        credential_sets: undefined,
+      });
+    });
+
+    it('should serialize DCQL with credentials and credential sets', () => {
+      const dcql = new DCQL({});
+      const credential = new SdJwtVcCredential('test-id', ['test-vct']);
+      const credentialSet: CredentialSet = {
+        options: [['test-id']],
+        required: false,
+      };
+
+      dcql.addCredential(credential).addCredentialSet(credentialSet);
+
+      const serialized = dcql.serialize();
+      expect(serialized).toEqual({
+        credentials: [credential.serialize()],
+        credential_sets: [credentialSet],
+      });
+    });
+  });
+
+  describe('match', () => {
+    it('empty data', () => {
+      const rawDcql: rawDCQL = {
+        credentials: [
+          {
+            id: 'cred-1',
+            format: 'dc+sd-jwt',
+            meta: { vct_values: ['vct-1'] },
+          },
+          {
+            id: 'cred-2',
+            format: 'dc+sd-jwt',
+            meta: { vct_values: ['vct-2'] },
+          },
+        ],
+        credential_sets: [
+          {
+            options: [['cred-1'], ['cred-2']],
+            required: true,
+          },
+        ],
+      };
+      const dcql = DCQL.parse(rawDcql);
+      const result = dcql.match([]);
+      expect(result).toEqual({ match: false });
+    });
+
+    it('test 1', () => {
+      const rawDcql: rawDCQL = {
+        credentials: [
+          {
+            id: 'cred-1',
+            format: 'dc+sd-jwt',
+            meta: { vct_values: ['vct-1'] },
+          },
+          {
+            id: 'cred-2',
+            format: 'dc+sd-jwt',
+            meta: { vct_values: ['vct-2'] },
+          },
+        ],
+        credential_sets: [
+          {
+            options: [['cred-1'], ['cred-2']],
+            required: true,
+          },
+        ],
+      };
+      const dcql = DCQL.parse(rawDcql);
+      const result = dcql.match([{ vct: 'vct-1', name: 'name-1' }]);
+      expect(result).toEqual({
+        match: true,
+        matchedCredentials: [
+          {
+            credential: { vct: 'vct-1', name: 'name-1' },
+            matchedClaims: [],
+            dataIndex: 0,
+          },
+        ],
+      });
+    });
+
+    it('Should match with animo credential', () => {
+      const dataRecords = {
+        vct: 'eu.europa.ec.eudi.pid.1',
+        given_name: 'Erika',
+        family_name: 'Mustermann',
+      };
+
+      const rawDcql: rawDCQL = {
+        credentials: [
+          {
+            id: '0',
+            format: 'dc+sd-jwt',
+            meta: {
+              vct_values: [
+                'eu.europa.ec.eudi.pid.1',
+                'urn:eu.europa.ec.eudi:pid:1',
+              ],
+            },
+            claims: [
+              {
+                path: ['family_name'],
+                id: 'family_name',
+              },
+              {
+                path: ['given_name'],
+                id: 'given_name',
+              },
+            ],
+          },
+        ],
+        credential_sets: [
+          {
+            options: [['0']],
+            purpose: 'PID (sd-jwt-vc) - first_name and given_name',
+          },
+        ],
+      };
+      const dcql = DCQL.parse(rawDcql);
+      const result = dcql.match([dataRecords]);
+      expect(result).toEqual({
+        match: true,
+        matchedCredentials: [
+          {
+            credential: {
+              vct: 'eu.europa.ec.eudi.pid.1',
+              family_name: 'Mustermann',
+              given_name: 'Erika',
+            },
+            matchedClaims: [
+              {
+                id: 'family_name',
+                path: ['family_name'],
+              },
+              {
+                id: 'given_name',
+                path: ['given_name'],
+              },
+            ],
+            dataIndex: 0,
+          },
+        ],
+      });
+    });
+  });
+});

package/src/test/index.spec.ts

@@ -0,0 +1,7 @@
+import { describe, expect, test } from 'vitest';
+
+describe('Test#1', () => {
+    test('Test#1', () => {
+        expect(1).toBe(1);
+    });
+});